Method and system for operating a wireless access point for providing access to a network

ABSTRACT

A method is described for operating a single network adapter for use on two different sub-networks of the same type, and a corresponding apparatus. The method comprises setting up a first network address and routing table in the network adapter for use in the first sub-network; setting up a second network address and routing table in the network adapter for use in the second sub-network; receiving data for one of the first and second sub networks, and re-transmitting the data to the other of the first and second sub-network, using the network addresses and routing tables.

FIELD OF THE INVENTION

This invention relates to a method of operating a wireless access pointfor providing access to a network. This allows, for example, operationof a wireless access point for providing access to the Internet(commonly know as a “hotspot”).

BACKGROUND OF THE INVENTION

A system for connecting a wireless enabled device to a network via awireless local area network is shown in FIG. 1, and is described in moredetail in WO2006/021784. The system 1 a comprises a wireless accesspoint 3 connected via a modem 11 to a network 13, such as the Internet,and a server 15. The wireless access point 3 comprises a base station 7for providing a wireless connection to a wireless enabled device 9 and awireless access point controller 5 for controlling the connection of thewireless enabled device 9 to the network 13. The modem 11 and basestation 7 are connected to the wireless access point controller 5 atports 6 a and 6 b respectively of the wireless access point controller5.

The wireless enabled device 9 may be a personal digital assistant (PDA)19, a laptop 21, a desktop personal computer 23 or other wirelessenabled device. Such wireless enabled devices 9 are typically compliantwith the IEEE 802.11 specification and/or the Bluetooth® specification.

The server 15 comprises a server processor 16 and a storage means 17,which may comprise a database. Software is stored in the storage means17, and can be downloaded to a wireless access point 3. The storagemeans 17 also stores information about wireless access points 3 andsubscription data associated with users of wireless enabled devices 9subscribing to the network 1 a. The wireless access point 3 connects tothe server 15 via the network 13. A feature of this system is that anyperson can set-up and run a revenue generating hotspot.

A wireless access point 3 may be commissioned by downloading andinstalling software from the server 15 and by sending data from thewireless access point 3 to the server 15 to register the wireless accesspoint 3. The server 15 authenticates connection of a wireless enableddevice 9 to the network/Internet 13 via the wireless access point 3based on matching subscription data provided by the user of the wirelessenabled device 9 with subscription data stored in the storage means 17.

In FIG. 1, the wireless access point 3 is connected to the modem 11 by awired connection, for example, by an Ethernet cable. Alternatively, thewireless access point 3 may be connected to the modem 11 wirelessly. Abase station, such as a wireless router, may be connected by an Ethernetcable to the modem 11 and a further base station may be connected to afirst port 6 a of the wireless access point controller 5. Thisarrangement may be found, for example, where it is not possible tolocate the wireless access point controller 5 close to the modem.

In the system of FIG. 1, two ports 6 a, 6 b are used on the wirelessaccess point controller 5 of the wireless access point 3, each point 6a, 6 b having its own Internet Protocol (IP) address. A disadvantage ofthis arrangement is that each port 6 a, 6 b requires a network adaptor,such as a network card. As commonly available personal computers andlaptops are not conventionally provided with two network adaptors therequirements for two network adaptors is an impediment to commissioningof conventional wireless access points 3 as shown in FIG. 1.

However, in such prior art hotspot arrangements, it is necessary to havea separate router (for internet access) such as a modem 11 and awireless access point 3. This invention provides improvements to thesystem and method described above, allowing the use of a standardwireless router to provide a hotspot for guest access.

SUMMARY OF THE INVENTION

The present invention provides a method of operating a single networkadapter for use on two different sub networks of the same type, themethod comprising:

setting up a first network address and routing table in the networkadapter for use in the first sub-network;

setting up a second network address and routing table in the networkadapter for use in the second sub-network;

receiving data for one of the first and second sub-networks, andre-transmitting the data to the other of the first and secondsub-network, using the network addresses and routing tables,

characterised in that

the first sub-network includes a network gateway and the network adapteris configured as a hotspot controller to control access from the secondsub-network to the network gateway,

the step of receiving data comprises receiving a request from a user viathe second sub-network to access the gateway on the first sub-network,verifying the user's access rights, and allowing the user to access thegateway if and only if the user is entitled to access the gateway.

According to a second aspect of the invention, there is provided acomputing apparatus for exchanging network data traffic between a firstsub-network and a second sub-network, the apparatus comprising:

a network adaptor;

a processor;

a data store storing a driver for the network interface card, the driverbeing configured to store a first network address and routing table foruse in the first sub-network; a second network address and routing tablefor use in the second sub-network; to receive data for one of the firstand second sub-networks, and re-transmit the data to the other of thefirst and second sub-network, using the network addresses and routingtables,

wherein the first sub-network includes a network gateway and theapparatus is configured as a hotspot controller to control access fromthe second sub-network to the network gateway and comprises anauthentication controller for receiving a request from a user via thesecond sub-network to access the gateway on the first sub-network,verifying the user's access rights, and allowing the user to access thegateway if the user is entitled to access the gateway, or blocking theuser access to the gateway if the user is not entitled to access thegateway.

There is provided a method of operating a single network adapter for useon two different sub-networks of the same type, the method comprisingsetting up a first network address and routing table in the networkadapter for use in the first sub-network; setting up a second networkaddress and routing table in the network adapter for use in the secondsub-network; receiving data for one of the first and secondsub-networks, and re-transmitting the data to the other of the first andsecond sub-network, using the network addresses and routing tables.

The present invention further provides a computing apparatus forexchanging network data traffic between a first sub-network and a secondsub-network, the apparatus comprising a network adaptor; a processor;and a data store storing a driver for the network interface card, thedriver being configured to store a first network address and routingtable for use in the first sub-network; a second network address androuting table for use in the second sub-network; to receive data for oneof the first and second sub-networks, and re-transmit the data to theother of the first and second sub-network, using the network addressesand routing tables.

The second sub-network may comprise a NAT routable sub-network, that issubservient to the first sub-network. The first sub-network may includea network gateway. The apparatus may be configured as a hotspotcontroller to control access from the second sub-network to the networkgateway.

The network adaptor may be a single network interface card or module, orother type of network adaptor, configured to connect to a networkgateway using the first sub-network and a first network address, and toconnect with a user's computer using the second sub-network and a secondnetwork address.

The network gateway may be provided by a wireless internet router. Theapparatus may include means to generate broadcasts to inform wirelessstations that the single network adapter is a gateway (e.g. an internetgateway), and to send the broadcasts to the wireless internet router forforwarding to the wireless network. The apparatus may generate and sendthese broadcasts on the wireless network at a sufficient rate tooverride broadcasts from the wireless internet router which indicate thewireless internet router to be an internet gateway.

The apparatus may include means to detect packets automatically on atleast one of the first and second sub-networks that are not using thehotspot controller as the network gateway, and to automatically adjustthe rate of the broadcasts on the wireless network which specify thenetwork adaptor as the network gateway, according to the number of suchpackets that are detected. Thus, the rate may be increased when suchpackets are detected, and decreased if no such packets have beendetected for a predetermined time, or according to some other criteria.

The apparatus may include means to receive a user instruction to adjustthe rate of generating and sending broadcasts on the wireless networksetting the network adapter as the gateway, and adjusting the rateaccording to the user instruction.

The apparatus may include means to receive a request from a user via thesecond sub-network to access the gateway on the first sub-network,verifying the user's access rights, and allowing the user to access thegateway if the user is entitled to access the gateway, or blocking theuser access to the gateway if the user is not entitled to access thegateway. The apparatus may include means for retrieving locally orremotely stored user subscription information or information about userpermissions to access the gateway.

The apparatus may include means for controlling the allocated bandwidththrough the gateway for users connecting via the second sub-network.This may be done on a user specific basis, or on a general basis.

The single network adapter may be an Ethernet adapter, and may beinstalled in a personal computer. Driver software may be provided toconfigure a standard Ethernet adaptor as an embodiment of the invention,allowing it to exchange network traffic between the first and secondsub-networks.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be described further, by way of example, withreference to the accompanying drawings, in which:

FIG. 1 shows a first known system for providing authenticated wirelessaccess to a network;

FIG. 2 shows a system for providing authenticated wireless access to anetwork according to an embodiment of the invention;

FIG. 3 shows a flowchart of data transfer from a guest computer to theinternet, in an embodiment of the invention; and

FIG. 4 shows a block diagram of a network interface driver for thehotspot controller, in an embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT(S)

Referring to FIG. 2, a wireless access point is comprised of a hotspotcontroller 105, and a wireless router 110 comprising a modem 111 and awireless transceiver 112 for wireless communications. In this example,the hotspot controller 105 is linked to the wireless router 110 via anethernet connection, although in other embodiments, other types of wiredor wireless link are possible instead. In this embodiment the hotspotcontroller 105 is a laptop computer. Alternatively, any general purposecomputer can be used. In this embodiment, the hotspot controller 105 isconfigured to control access to the internet. However, in alternativeembodiments, access to a different network or resource may be controlledinstead or additionally by the hotspot controller, such as a privatelocal area network, or wide area network.

The modem 111 is connected a network 113, for example the Internet usingthe services of an ISP (not shown). The skilled person will understandthat any other means for connecting the wireless access point to theInternet, or other network, can be used.

A server 115 is provided at a network location on the network 113, andthe server 115 is comprised of a server processor 116 and a storagemeans 117, which may comprise a database. The storage means 117 holdsinformation relating to operation of the wireless router and informationrelating to operation of other wireless access points which areregistered with that server 115. The wireless access points which areregistered with the server 115 and the server 115 itself form a group ofwireless access points, any of which can be used by subscribers to thenetwork, as is explained below.

A wireless enabled device 109 in range of the wireless router 110 can beconnected to the network 113 through the wireless access point 112. Thewireless enabled device 109 may be a personal digital assistant (PDA)119, a laptop 121, a desktop computer 123 or other device which can beconnected wirelessly to the access point 112.

The hotspot controller 105 is loaded with software which controls accessto the network 113 in conjunction with the server 115. The code requiredto install the software is available from the server 115 and can bedownloaded over the network 113. No software is required to be installedon any of the wireless enabled devices 109 in order to connect to thenetwork 113 through the wireless access point 112, other than industrystandard wireless utility software which enables access to any compliantwireless network. Such wireless enabled devices 109 are typicallycompliant with the IEEE 802.11 specification and/or the Bluetooth®specification. This invention is not limited to wireless enabled devices109 and base stations or access points compliant with thesespecifications, rather the invention can be implemented for any suchdevices which can be connected wired or wirelessly. The wireless routeris connected to a port 6 c of the wireless access point controller 105.

As well as the storage means 117 containing information about thewireless access point controller 105 registered at the server 115, italso contains data about end users of wireless enabled devices 109 whosubscribe to the system.

In use, when a wireless enabled device 109 is in range of the wirelessrouter it detects the presence of the wireless access point 112 and awireless connection can be initiated between the wireless enabled device109 and the wireless access point 112. When a web browser application isrun on the wireless enabled device 109, the software installed on thewireless access point controller 105 causes a login/sign-up page to bedisplayed on the web browser.

If the end user of the wireless enabled device 109 is not a subscriberof the access service to the network (e.g. internet) provided by thewireless router and the server 115, then the end user can enter personalinformation which is transmitted via the wireless router and the network113 to the server processor 116, and which is stored on the storagedevice 117, thereby registering the end user. Various subscription plansmay be used, and some examples are described in WO2006/021784.

Once registered, end user access may be authenticated by providing ausername and password, or other code that identifies the user, such as atext message, a PIN number e.g. for a prepaid account, etc, or byproviding a media access control (MAC) address of the device to theserver 115.

When the user of a wireless enabled device 109 logs in, the access pointcontroller 105 may check with the server 115 if the user of the wirelessenabled device 109 can be connected to the Internet 113 via the wirelessrouter. The server 115 checks the subscription information stored in thestorage means 117 and, if appropriate, authorizes the access pointcontroller 105 to allow full access to the network 113 to the end userof the wireless enabled device 109. In this manner, the server 115 actsas an authenticating means for authenticating the wireless access point112 to connect the wireless enabled device 109 to the network via thewireless access point 112. Network traffic is sent from the wirelessenabled device 109 to the wireless access point controller 105 via theaccess point 112, the wireless router, and network interface card 106 cof the hotspot controller 105. The hotspot controller 105 authenticatesaccess to the network 113 and forwards the network traffic back to thewireless router 110, for onward transmission to the network 113. Networktraffic from the network 113 to the wireless enabled device 109 istransmitted from the network 113 to the modem 111, from the modem 111 tothe hotspot controller 105, where the destination may be verified as anauthorised user. The hotspot controller 105 then sends the data to thewireless router, via network interface card 106 c of the hotspotcontroller 105, to the wireless access point 112 and then to thewireless enabled device 109.

In other embodiments, the user authentication information may be storedlocally on the hotspot controller 105 for known local guest users, toallow the guest users to connect to the network 113 even withoutverification from the server 115.

An advantage of the system 2 of FIG. 2 is that only a single networkinterface card 106 c is required on the wireless access point controller5 for the system 102 to operate.

This can significantly speed up the setting up and indeed the datatransfer from one sub-network to the other. The network interface cardmay be a removable adaptor for connecting to a computing device, eitherexternally or internally, or it may be built in to the hardware of thecomputer, for example, built into the computer motherboard.

A system such as that of FIG. 2, in which the hotspot controller has awired link to the router, provides extra security. However, it is alsopossible to replace this wired link with a wireless link, although thismay result in a lower level of security.

FIG. 3 is a flowchart showing the process of sending data from a guestuser's computer 109 to the internet. At step S201, the hotspotcontroller 105 makes a broadcast on the wireless network, via thewireless access point 112 in the wireless router 110, informing stationson the wireless network that the hotspot controller 105 is in fact thegateway to the internet, instead of the wireless router 110 being thegateway. The wireless router 110 will also be making broadcasts,indicating that it is the gateway to the internet. Thus, the hotspotcontroller 105 sends a much higher frequency of such broadcasts, so thata station listening on the wireless network has a much greaterprobability of detecting the broadcast message from the hotspotcontroller 105 stating that the hotspot controller 105 is the gateway,rather than detecting a broadcast from the wireless router 110 statingthat it is the gateway. This almost guarantees a station attempting toconnect to the wireless network will be subject to internet accesscontrol by the hotspot controller 105.

For example, in IEEE 802.11 networks, a beacon is broadcast by an accesspoint (AP) to indicate to stations on the wireless network that the APis present. The beacon normally includes an SSID (Service SetIdentifier) for the AP, the time, capabilities, supported data rates,and physical layer parameter sets that allow smooth regulation of thewireless network. The SSID is a 1 to 32 byte value that labels thewireless network, and allows stations using one network to ignoreanother network. Thus, the hotspot controller may generate a beacon overthe same SSID as the wireless router, so that a user scanning for anetwork will not see the beacon broadcasts generated by the hotspotcontroller and by the wireless router as being from two separatenetworks.

The hotspot controller 105 is connected to the wireless router 110 viaan Ethernet connection, in this embodiment. It therefore sends itswireless broadcast message to the wireless access point 112 in thewireless router 110, via the Ethernet link to the wireless router 110.

In this embodiment, there is only a single wireless access point 112,which is part of the wireless router. In alternative embodiments,additional wireless access points may be provided.

In this embodiment the wireless access point 112 and the modem 111 areboth part of a wireless router 110. In alternative embodiments, they maybe separate, and the wireless access point 112 may be connected to themodem 111 via an Ethernet link or some other kind of link. In yetfurther embodiments, with a wireless router 110, the wireless router 110may have embedded software to implement hotspot controllerfunctionality, so that the modem 111, wireless access point 112 andhotspot controller 105 are all provided in the same physical device.

At step S202, the guest user's computer 109 generates a packet includingdata to be sent to a location on the internet. The guest user's packetis sent over the wireless network to the access point 112 at thewireless router 110, and configured so that it is forwarded to thehotspot controller 105 as a gateway to the internet 113, which occurs atstep S203.

At step S204, at the hotspot controller 105, the packet is analysed todetermine whether the guest user is a registered user, who is authorisedto connect to the internet 113. In one example, the guest user isalready registered with the hotspot controller 105 and/or the server115, so that the user is known to the system as an authorised user, andthe process then proceeds to step S205. If the guest user is not alreadyauthorised to use the system, the hotspot controller 105 may initiate aregistration process, i.e. by allowing limited internet access to theguest and/or by contacting the server 115 and accepting registrationdetails from the guest user. The guest user may also provide paymentdetails, such as a credit card or voucher number, or a simple usernameand password to gain permission to access the internet. Afterregistration of the guest user and when any necessary pre-payment hasbeen arranged, the process then continues to step S205.

The hotspot controller 105 is configured to connect to two separatesub-networks, using a single network interface card (NIC). The first ofthese sub-networks is for traffic between the guest user's computers119, 121, 123 on the wireless network and the hotspot controller 105.The second sub-network is between the hotspot controller 105 and theinternet 113. For example, the first sub-network may have IP addressesof the form 10.0.1.x, and the second sub-network may have IP addressesof the form 10.0.2.x. This division into two sub-networks is what allowsthe hotspot controller 105 to control the guest access to the internet.At step S205, after the hotspot controller 105 has received and analyseda packet sent from a guest user's computer, which is intended for alocation on the internet, the network interface card 106 c in thehotspot controller then transfers the packet from one sub-network to theother, to allow it to continue on its journey to its final destinationon the internet, at step S206.

A similar process takes place for traffic from the internet to a guestuser's computer 109, including the packet analysis, guest userauthentication, and transfer of the packet from one sub-network to theother.

FIG. 4 shows a block diagram of the hotspot controller, including driversoftware for controlling the network interface card 106 e to transferpackets from one sub-network to the other in either direction. Thefigure shows an upper box, representing the user applications andservices on the hotspot controller 105. Below that is a lower box,representing the driver for transferring data from one sub-network tothe other. The driver includes a guest NIC controller and an internetNIC controller. Although these are shown as separate units, they bothcontrol the same single hardware network interface card, in a mannerwhich makes it appear as a separate NIC to each sub-network. Data can betransferred between the two sub-networks and/or sent to or received fromthe user applications and services, and this is indicated by arrows inthe figure, indicating possible data flow.

Packets going to or from the guest sub-network may also pass through auniversal client module. This module performs the function oftranslating a fixed IP that may be present on a guest device 109 thatdoes not correspond to the hotspot's (guest) subnet.

The driver may also include a bandwidth controller which controlsdelayed packet queues for traffic going to either of the twosub-networks. A NAT (Network Address Translation) module is provided forincoming and outgoing traffic associated with the internet sub-network.

It is not essential to make any adaptations to the router settings toperform the invention, and the embodiments of the invention will work ona standard home-use wireless router. In this embodiment, standardencryption methods such as WEP and WPA are not used on the wirelessnetwork. However, other types of data encryption or other protection maybe used, such as SSL, or security measures provided by the use of a VPN(virtual private network) between the hotspot controller and the guestcomputer.

As a precautionary measure the hotspot controller can defend againstcertain computers who may attempt to by-pass the hotspot process, and ineffect, get free access to the internet. This is achieved by the driverconfiguring the ARP (address resolution protocol) table of the network,hence directing traffic to the hotspot controller, via the universalclient.

The hotspot controller may store a list of computers or users with freeaccess to the network gateway, e.g. computers or users who do not haveto pay for internet access. This can be done on a hardware basis, e.g.storing MAC addresses, or on a user basis, e.g. storing user IDs.

If the hotspot controller 105 detects attempts to by-pass the hotspotcontroller 105 by computers that already established a connection eitherwith a fixed IP address corresponding to the hotspot (guest) subnet orprevious established connection before hotspot was running orconfigured, it may use a more aggressive broadcasting policy, and ARPmanipulation for example, by increasing the frequency at which itbroadcasts these messages to the wireless network thus indicating thatit is the gateway to the wireless network.

In some embodiments, the hotspot controller software is provided with avariable setting to select how frequently the wireless broadcasts areperformed. This may be wholly or partly a user-selected value, or it maybe automatically set. For example, it may be automatically increasedwhenever a by-pass attempt on the hotspot controller is detected, anddecreased if no by-pass attempts are detected in a given time period.

Embodiments of the invention, using a single network interface card, mayoperate with a faster data transfer speed than prior art devices usingtwo separate network cards, due to the reduced time to pass the datafrom one network to the other.

The present invention can be implemented in dedicated hardware, using aprogrammable digital controller suitably programmed, or using acombination of hardware and software.

Alternatively, the present invention can be implemented by software orprogrammable computing apparatus. This includes any computer, includingPDA's (personal digital assistants), mobile phones, etc. The code foreach process in the methods according to the invention may be modular,or may be arranged in an alternative way to perform the same function.The methods and apparatus according to the invention are applicable toany computer with a network connection.

Thus the present invention encompasses a carrier medium carrying machinereadable instructions or computer code for controlling a programmablecontroller, computer or number of computers as An apparatus as claimedin the invention. The carrier medium can comprise any storage mediumsuch as a floppy disk, CD ROM, DVD ROM, hard disk, magnetic tape, orprogrammable memory device, or a transient medium such as an electrical,optical, microwave, RF, electromagnetic, magnetic or acoustical signal.An example of such a signal is an encoded signal carrying a computercode over a communications network, e.g. a TCP/IP signal carryingcomputer code over an IP network such as the Internet, an intranet, or alocal area network.

While the invention has been described in teems of what are at presentits preferred embodiments, it will be apparent to those skilled in theart that various changes can be made to the preferred embodimentswithout departing from the scope of the invention, which is defined bythe claims.

What is claimed is:
 1. A method of operating a single network adapter,comprising a single network interface card or module, to communicatewirelessly with a first sub-network and a second sub-network, the methodcomprising: setting up a first network address and routing table in thenetwork interface card or module for use in the first sub-network;setting up a second network address and routing table in the networkinterface card or module for use in the second sub-network; using saidsingle network interface card or module to receive data for one of thefirst and second sub-networks, and to re-transmit the data to the otherof the first and second sub-network, using the network addresses androuting tables, wherein the first sub-network includes a network gatewayand the network adapter is configured to control access from the secondsub-network to the network gateway, and wherein the step of receivingdata comprises receiving a request from a user via the secondsub-network to access the gateway on the first sub-network, verifyingthe user's access rights, and allowing the user to access the gateway ifand only if the user is entitled to access the gateway.
 2. The method asclaimed in claim 1, wherein the second sub-network comprises a NATroutable sub-network that is subservient to the first sub-network. 3.The method as claimed in claim 1, wherein the network gateway isprovided by a wireless internet router, the first and second sub-networkbelong to a wireless network, and the method further comprises:generating broadcasts to inform wireless stations that the singlenetwork adapter is an internet gateway, and sending the broadcasts tothe wireless internet router for forwarding to the wireless network. 4.The method as claimed in claim 3, further comprising generating andsending said broadcasts on the wireless network at a sufficient rate tooverride broadcasts from the wireless internet router which indicatesthe wireless internet router to be an internet gateway.
 5. The method asclaimed in claim 4, further comprising automatically detecting packetson at least one of the first and second sub-networks that are not usingthe hotspot controller as the network gateway, and automaticallyadjusting the frequency of said broadcasts on the wireless network whichset the network adapter as the network gateway, according to the numberof such packets that are detected.
 6. The method as claimed in claim 3,further comprising receiving a user instruction to adjust the rate ofgenerating and sending said broadcasts on the wireless network settingthe network adapter as the gateway, and adjusting said rate according tothe user instruction.
 7. The method as claimed in claim 1, wherein saidverifying comprises retrieving locally or remotely stored usersubscription information or information about user permissions to accessthe gateway.
 8. The method as claimed in claim 1, further comprisingcontrolling an allocated bandwidth through the gateway for usersconnecting via the second sub-network.
 9. The method as claimed in claim1, wherein said method is performed by executing driver software toconfigure a standard network adapter to exchange network traffic betweenthe first and second sub-networks.
 10. The method as claimed in claim 1,wherein the step of receiving data comprises authorising andauthenticating a user.
 11. The method as claimed in claim 1, wherein thesecond sub-network includes a plurality of devices, said plurality ofdevices incorporating a respective plurality of network interface cardsor modules, said network interface card or module being configured tocommunicate directly with said plurality of network interface cards ormodules.
 12. The method as claimed in claim 1, wherein the firstsub-network and second sub-network are within wireless communicationrange of said single network interface card or module.
 13. A computingapparatus for exchanging network data traffic between a firstsub-network and a second sub-network, the apparatus comprising: anetwork adapter, comprising a single network interface card or module,for communicating wirelessly with the first sub-network and secondsub-network; a processor; a data store storing a driver for the networkinterface card or module, the driver being configured to store a firstnetwork address and routing table for use in the first sub-network; asecond network address and routing table for use in the secondsub-network; to operate said single network interface card or module toreceive data for one of the first and second sub-networks and tore-transmit the data to the other of the first and second sub-network,using the network addresses and routing tables, wherein the firstsub-network includes a network gateway and the network interface card ormodule is configured to control access from the second sub-network tothe network gateway and comprises an authentication controller forreceiving a request from a user via the second sub-network to access thegateway on the first sub-network, verifying the user's access rights,and allowing the user to access the gateway if the user is entitled toaccess the gateway, or blocking the user access to the gateway if theuser is not entitled to access the gateway.
 14. The apparatus as claimedin claim 13, wherein the network gateway is provided by a wirelessinternet router, the first and second sub-network belong to a wirelessnetwork, and the apparatus further comprises a transmitter forgenerating broadcasts to inform stations that the single network adapteris an internet gateway, and sending the broadcasts to the wirelessinternet router for forwarding to the wireless network.
 15. Theapparatus as claimed in claim 14, wherein the transmitter is configuredto generate and send said broadcasts on the wireless network at asufficient rate to override broadcasts from the wireless internet routerwhich indicates the wireless internet router to be an internet gateway.16. The apparatus as claimed in claim 15, further comprising a packetdetector for automatically detecting packets on at least one of thefirst and second sub-networks that are not using the hotspot controlleras the network gateway, and automatically adjusting the frequency ofsaid broadcasts on the wireless network which set the network adapter toas the network gateway, according to the number of such packets that aredetected.
 17. The apparatus as claimed in claim 13, wherein theauthentication controller comprises locally stored user subscriptioninformation or information about user permissions to access the gateway,or a retrieval system for retrieving user subscription information orinformation about user permissions from a remote location.
 18. Theapparatus as claimed in claim 13, wherein the authentication controlleris programmed to authorise and authenticate a user.
 19. A method ofoperating a single network adapter consisting of a single networkinterface card or module for communicating with a local area networkthat includes a first sub-network and a second sub-network of the sametype, the second sub-network including a plurality of devices, saidplurality of devices incorporating a respective plurality of networkinterface cards or modules, said network interface card or module beingconfigured to communicate directly with said plurality of networkinterface cards or modules, and the method comprising: setting up afirst network address and routing table in the network interface card ormodule for use in the first sub-network; setting up a second networkaddress and routing table in the network interface card or module foruse in the second sub-network; using the network interface card ormodule to receive data for one of the first and second sub-networks, andto re-transmit the data to the other of the first and secondsub-network, using the network addresses and routing tables, wherein thefirst sub-network includes a network gateway and the network interfacecard or module is configured as a hotspot controller to control accessfrom the second sub-network to the network gateway, and wherein the stepof receiving data comprises receiving a request from a user via thesecond sub-network to access the gateway on the first sub-network,verifying the user's access rights, and allowing the user to access thegateway if and only if the user is entitled to access the gateway.